F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ

F5 has released hotfixes for its BIG-IP and BIG-IQ products, addressing two high-severity flaws allowing attackers to perform unauthenticated remote code execution (RCE) on vulnerable endpoints.

While these flaws can only be exploited when specific conditions are met, making them very difficult to exploit, F5 warns that they could lead to a complete compromise of the devices.

The first flaw is tracked as CVE-2022-41622 (CVSS v3 – 8.8) and is an unauthenticated RCE via cross-site request forgery (CSRF) on iControl SOAP, impacting multiple BIG-IP and BIG-IQ versions.

Source: Bleeping Computer